Mediacom Using DPI To Hijack Searches, 404 Errors
Verteiron writes "Cable company Mediacom recently began using deep packet inspection to redirect 404 errors, Google and Bing searches to their own, ad-laden 'search engine.' Despite repeated complaints from customers, Mediacom continues this connection hijacking even after the user has opted out of the process. Months after the problem was first reported, the company seems unwilling or unable to fix it and has even experimented with injecting their own advertising into sites like Google. How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"
HTTPS (Score:5, Informative)
Re: (Score:2)
Yup, time for the web to go to HTTPS.
Re:HTTPS (Score:5, Insightful)
Re: (Score:2, Troll)
When have users ever cared or understood what they are doing? This is the entire premise of the Apple machine. They assume you don't; look how popular that has become.
Re: (Score:2, Insightful)
Someone please mod as troll.
Re: (Score:3, Interesting)
No, he's essentially correct.
Those days are essentially behind us, generally speaking, but you can't tell me that you never met someone who proudly stated "I'm computer illiterate" before? The primary draw of Mac OS was "it's so easy!" And it was! It also meant it would take a back seat to most of the newest and cutting-edge stuff, but the "easy" crowd didn't care about cutting-edge anyway... sounded dangerous after all.
Like it or not, "easy" was a primary marketing point for Apple. And seriously, even
Re:HTTPS (Score:5, Insightful)
Short answer, yes. When I'm working on software/systems architecture standards, etc, there is a disproportionate number of Macs around the room. The value of the Mac as a platform is that it can be simple, but that it also has the full power of Unix underneath. That makes the platform appealing to both those who don't want to have to mess with their computers (like my mother) and to those of us who routinely use "su" and other such facilities. A lot of what I know about working on Unix machines fully transfers over to the Mac.
Making a machine easy to use is not necessarily correlated with ignorant users. A strong platform should support users at all levels.
Re: (Score:3)
Re: (Score:3)
Well, maybe not fucking around with things like the registry is a really good thing. Every time I see an MS article that starts off with regedit, it's pretty easy to see why the users don't want to care or understand how to do the really arcane shit. That was a crappy system when they introduced it, and it's not really any better now.
If the
Re:HTTPS (Score:4, Informative)
Like it or not, the ISP is treated like a phone company
No, the problem is that ISPs are not treated like a phone company. They're not regulated as common-carriers. The FCC considered re-categorizing ISPs as a "Title II" telecommunications service, but backed away after Congressional opposition. Now the Commission is proposing a "third way" which seems unlikely to satisfy either the ISPs or their critics. Here's a quick summary: http://www.engadget.com/2010/05/06/fcc-outlines-new-third-way-internet-regulatory-plan-will-spli/ [engadget.com]
To my mind, ISPs shouldn't be able to process traffic based on anything other than packet headers. Their job is to take a packet I create and deliver it to its intended destination. (Yes, yes, QOS, etc. Whatever is in the headers is fine by me.) DPI equipment should be banned. Anything else offers too many opportunities for censorship and manipulation.
Re: (Score:3)
Sorry, yes. Exactly correct ... I meant that to the end user, the ISP is treated the same as the phone company. It's infrastructure, or at least, that's how people think of it.
Heck, in a lot of cases, your ISP probably is the same as your phone company -- or at least your cable. In my case, it's all 3, plus my cell phones.
Re: (Score:2)
Are you going to paypal me or will you cut a check?
Re: (Score:2)
Even so, it has now raised the bar for DPI and changing incoming HTML. In the days of AOL, where you had to have software to use a modem, I could see getting ISP-signed certs installed on the userbase as very easy, but now, where a wifi router is the primary interface to the ISP, I am not so sure. Not to mention that the ISP has to get those certs onto Windows, Macs, iOS devices and Android too.
Also, what would the legal implication be of an ISP committing a MITM attack on a customer's HTTPS session?
Re: (Score:2)
Not to mention that the ISP has to get those certs onto Windows, Macs, iOS devices and Android too.
Well, without specification regulations (ahem net neutrality) prohibiting this, couldn't an ISP just dictate that only certain operating systems are allowed to be used? That would make the task a whole lot easier. Windows and Mac OS X only? No problem for the ISPs.
On the other hand, they could be a little less aggressive, and only perform the attack on customers who actually make use of the disk that they are given. You would be surprised as to just how many customers actually insert those disks in
Re: (Score:2)
Heck why not just inject browser exploit code into the customer's traffic? It's more eco-friendly and they're already MITM'ing customers anyways. There are already viruses out there that do this.
Re: (Score:2)
Right and I you should point out that if you don't install their certificate for the sites they are MITMing you will just get a certificate warning. Unless you can tunnel your traffic someplace else if they are redirecting destination port 443 to Google's net block your traffic is going to hit their proxy. You can accept it or refuse and not get the page.
They can force most users to just live with it.
Re: (Score:3)
'encourage their customers to use special "installation disks,"'? More like require. EVERY time there's a power outage in my area, I have to install AT&T's shitware in a VM just to get the DSL working. Of course they swear it's a problem on my end, caused by the power outage, but kicking the power on the surge protector does not reproduce the problem.
The thing that galls me is that unwitting customers are installing the crap because AT&T redirects all traffic to a webpage that says "THE INTERNET NEE
Re:Installation disks (Score:5, Interesting)
I got Bellsouth DSL, because cable was not laid on my side of the street. I got the modem and an installation disk. I called and said I was not running an installation disk, please tell me what I need to do special for your connection, if anything.
They said they understood, and I can do it at this web address. The website was basically blank. Are you using internet explorer? No of course I'm not. Well the site only runs in IE. I should have been suspicious, but figured they are idiots.
ActiveX did exactly what the install disk would have done as soon as I opened the page in IE. I'm still finding bits of things. Motive*, MCCI*, att-nap. Of course, bellsouth was bought by ATT, and I was not pleased about finding that out either.
Re:HTTPS (Score:4, Informative)
Re: (Score:3)
Re:HTTPS (Score:4, Informative)
That's not exactly true; SNI allows for HTTPS multihoming, and it's supported by the HTTPS on pretty much every modern platform, *except* for Windows XP. Browsers that use Windows' HTTPS code (most of them, IIRC) can't cope with SNI on XP, so no one actually uses it anywhere yet.
Re:HTTPS (Score:4, Informative)
SonicOS 5.6 adds a new deep packet inspection (DPI) engine for SSL encrypted traffic, which has increasingly become a blind spot in many firewall, content filtering and data leak protection schemes today. Bad guys have begun using encryption technologies against the very security communities that made them popular, using encryption to avoid the HTTPS protocol to bypass filters and expose networks to malware attacks.
Re:HTTPS (Score:4, Insightful)
Re:HTTPS (Score:4, Insightful)
That makes it sound like all an ISP would have to do is to put this certificate into an installer that provides its users with "valuable connection tools and internet utilities". Ship a few CDs to customers and you'll get a large number of people installing and clicking through whatever dialogs pop up because they think they'll need to in order to get online.
Re: (Score:3)
And if they're especially devious they'd just block everything that looks like HTTPS traffic until the user installs the certificate.
Re: (Score:2)
Isn't this public key encryption? You DO know how that works right? Even if the eavesdropper has the public key (transmitted across the wire), it won't do jack. Think of it as 1-way encryption.
Re: (Score:2)
Think of it as 1-way encryption.
Except completely different from a hash.
Re: (Score:2)
I suspect that doing DPI on SSLed traffic requires that the client be configured to trust certificates generated with a key that the firewall has access to,
Re: (Score:2)
It does MITM. You install sonicwalls CA cert on all the machines in the company to do this. Not something you can do to home users.
Re: (Score:3)
Just a note for people running PCI-DSS compliant environments: I was told by my PCI auditor that even though PCI-DSS requires the use of an IDS that does DPS and even though it's rendered useless by the fact that all of my traffic is encrypted, I'm still not permitted to set up any sort of decryption on the firewall.
Re:HTTPS (Score:4, Interesting)
I've seen this term thrown around this thread a lot: MITM. This stands for Man In The Middle; a MITM attack is when an entity, a person or group of people, takes your connection to whatever host and forwards it through their machine. As the service provider MediaCom IS ALREADY THE MAN IN THE MIDDLE. Wikipedia doesn't have an informative article on them but they appear to be a Tier 1 provider so you require their infrastructure to use the internet, that means their systems, their cables and most importantly their DNS tables.
They see your IP connecting to some website, they also see the traffic to and from your machine. They don't need to break any kind of code and read every packet they only need to filter out the legit packets and insert their own. You and a hundred other posts on this thread are over thinking this.
Re: (Score:3)
Not really. "MITM-attack" may mean many different kinds of attack, and is not usually referred to as a breach of network, but whatever malicious purposes such a position as being in the middle can be abused for. Of course, the "Man" is found in the "middle" of your communication between your hopefully trustworthy partner. However, "MITM-attack" doesn't specify whether the "Man" was already there or not, just that "he or she's in the middle" and is doing something they're not supposed to. The connection being
Re: (Score:3)
Add one more step. Use another DNS server or put the Real Google HTTPS IP address in the hosts file so the ISP can't redirect it with a corrupt DNS server.
Re: (Score:3)
https anywhere is an excellent suggestion, as it shuts down Phorm-like attacks.
I'd recommend some additional items as well:
1: If you can do this on your router, I'd find the IPs for the dodgy ISP's ad servers, and block [1] them.
2: Adblock, Ghostery, and BetterPrivacy are a must. At least Adblock, because this protects against incoming malicious software far more than any AV utility. Until ad rotating sites take responsibility and stop allowing clients to serve up malicious code, blocking ads is a
Re: (Score:2)
Re: (Score:3)
Is it possible to use Tor for http and no Tor for https?
I'd say that's the opposite of what you should be doing if you're worried about honeypot Tor exit nodes. You should run HTTPS over Tor and use Perspectives to make sure you aren't getting MITM'ed. Don't run unencrypted stuff over Tor that you don't want anyone else to see.
File an Anti-Trust Complaint (Score:5, Informative)
File an anti-trust complaint and break up the monopoly. That is what those laws are for.
FTC Complaint (Score:5, Informative)
In the short-term, an FTC Complaint (https://www.ftccomplaintassistant.gov/) works wonders due to their power to impose fines for every complaint.
File early, file often.
Re: (Score:3)
Watch Mediacom block that site for their customers next. As well as any complaint site for the FCC/franchise authority/state attorney general's office/etc.
Re:FTC Complaint (Score:4, Insightful)
Watch Mediacom block that site for their customers next. As well as any complaint site for the FCC/franchise authority/state attorney general's office/etc.
Before all the other hoopla about Net Neutrality became a CNN talking point, it was issues like this that caused me to want stronger regulations on ISPs. How long before other ISPs start doing the same thing? Will Mediacom start blocking /. because we exposed & brought this nefarious practice to light? What if this made it to CNN or some other major news outlet? If you don't already support Net Neutrality, maybe you ought to start thinking about it. It is the Free Speech Issue of our time.
Re: (Score:3)
Most cable companies are most heavily regulated by local franchise agreements. If I had Mediacom doing this in my area I would probably have to start attending city council meetings to speak against them at every opportunity. I have a terribly despised ISP in my neighborhood, but they have recently upgraded their network and have provided me with great service (I believe they do NXDomain crap, but I use OpenDNS. They do it too but I have at least chosen them).
Re: (Score:2)
Find out what jurisdiction awarded/oversees the Mediacom franchise and start with them. For what it's worth, Virginia's State Corporations Commission has been very responsive to my complaint about Verizon service.
Re: (Score:2)
Should have been done years ago.
It's too bad we had to wait until Verizon's FiOS and AT&T's battle over data plans duking it out with ComCast & TimeWarner's networks to end up with a duopoly with two children at a time playing badly (and clearly illegally,) with other people's toys.
Re: (Score:3)
No, the alternative was to regulate the monopoly as if it were a monopoly, as opposed to pretending there were free market forces affecting the company.
Complain to google (Score:3)
Rant and rave about how shitty their website is with all the damn flashing advertisements at the top of the screen. If enough people do this, then google might actually take a look instead of ignoring the idiot user complaining about the non-existent.
Then given google is an advertising company they are likely to send the lawyers to stop said ISP from messing with their bread and butter.
Sue them (Score:5, Funny)
What they are doing is fraud. Sue them and use *AA scales to calculate compensatory damages. Assume each false-404 corresponds to one music download, charge the normal $75000 per song.
Simple (Score:2)
"How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"
More regulation, obviously.
Re:Simple (Score:5, Insightful)
Not more, just better.
Regulation Number 1. He who owns the fiber/copper may not provide service over it.
Regulation Number 2. He who owns the fiber/copper must sell access to all comers for the same price.
Regulation Number 3. He who provides the service may not own media companies.
Regulation Number 4. If anyone gains more than 51% of the market, split the company in two.
Re: (Score:2)
Let's just implement directive 10-289 while we're at it.
Re: (Score:2)
Evasion Strategy Number 1: Make two companies, owned both by you (through sufficient indirections through holdings etc. to make this non-obvious). One holds the fiber/copper, one provides the service.
Evasion Strategy Number 2: Have that equal price so high that nobody will be interested, except for your service company (which is
Re: (Score:3)
This is why you make duck laws. If it quacks like a duck and looks like a duck, it's a duck.
I would also highly suggest the service company be run like the post office.
Re:Simple (Score:5, Insightful)
Slow, 3 days across country for a couple dollars is slow?
They are the cheapest and lose/break less than the other carriers.
They only operate at a loss as they are forbidden to raise prices except for with inflation. Since we fudge the inflation number they are stuck in the middle.
I am not sure when Americans decided unions were evil, but I enjoy 40hour weeks and 5 day work weeks. Without unions we would all be virtual slaves.
Slashdot Affected? (Score:3)
Hey slashdot devs, Here's an ad for ya: "VortexCortex: Web Developers Should Know CSS/Algebra!"
Not once have I disabled ads, satisfied to give Slashdot whatever meager income the ads provide, but this has forced my hand...
report them for providing illegal services. (Score:3)
I'm not sure, but wouldn't this exclude them from common-carrier protections? If so, it should be fairly easy to make them provide you with illegal services (think gambling, not CP - no reason to get FBI on your ass).
Re:report them for providing illegal services. (Score:4, Informative)
USA ISPs are not "common carriers" under the law, no matter how much people wish they are.
Re: (Score:2)
Correct, which is why they have special provisions in the DMCA and such. They fought long and hard to not be common carriers.
People also don't seem to understand that breaking common carrier rules doesn't mean "you lose common carrier status", it means "you go to jail".
According to the article... (Score:4, Insightful)
Re:According to the article... (Score:4, Informative)
That isn't the problem.
Being a MediaCom customer I've played with this a few times in the past, complained when the opt out didn't work, and complained about it to people locally. Working for a company that makes DPI appliances it was kinda fun to see it in action, but kinda scary to see it on the public internet. CenturyTel also does this exact same thing.
It scans all HTTP traffic looking for 404 errors. So if I go to http://boingboing.net/4in0in4 [boingboing.net] it will intercept the server's 404 page and redirect to a Mediacom portal site with my 404 URL as the search term and ads all over.
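A way to check for the rewriting described in the comment above, as an added example that is not part of the original thread: request a page that does not exist on a server you control, whose real 404 body carries a known token, and classify what actually arrived. The host names, the token and the sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed token: your own origin server embeds it in its real 404 page.
CANARY = "canary-7f3a19"

META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv=["']?refresh["']?[^>]*content=["'][^"']*url=([^"'>\s]+)""",
    re.IGNORECASE,
)


def _redirect_target(status, headers, body):
    """Return the URL the client is being sent to (Location or meta refresh)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400 and "location" in lowered:
        return lowered["location"]
    match = META_REFRESH.search(body)
    return match.group(1) if match else None


def _embeds_probe(probe_url, target):
    """True if a query value of the target carries the probe's host or path."""
    probe = urlsplit(probe_url)
    needles = [n for n in (probe.hostname, probe.path.strip("/")) if n]
    values = [v for _, v in parse_qsl(urlsplit(target).query)]
    return any(n in v for n in needles for v in values)


def classify_404_probe(probe_url, status, headers, body):
    """Compare the response received for a known-missing URL with the origin's 404."""
    result = {"verdict": "intact", "target_host": None, "probe_in_query": False}
    if status == 404 and CANARY in body:
        return result  # the origin's own error page arrived untouched
    target = _redirect_target(status, headers, body)
    if target:
        host = (urlsplit(target).hostname or "").lower()
        if host and host != urlsplit(probe_url).hostname.lower():
            # Sent to a different host; note whether the failed URL rides along
            # as a search term, which is the behaviour the comment describes.
            result.update(verdict="redirected-offsite", target_host=host,
                          probe_in_query=_embeds_probe(probe_url, target))
            return result
    result["verdict"] = "body-replaced" if CANARY not in body else "status-changed"
    return result


# Constructed probe URL and responses (no network access needed).
PROBE = "http://www.origin.example/no-such-page-51c2"
SAMPLES = {
    "clean": (404, {"Content-Type": "text/html"},
              "<h1>Not Found</h1><!-- canary-7f3a19 -->"),
    "http_redirect": (302, {"Location":
              "http://search.isp.example/?q=www.origin.example%2Fno-such-page-51c2"}, ""),
    "meta_refresh": (200, {"Content-Type": "text/html"},
              '<html><head><meta http-equiv="refresh" '
              'content="0;url=http://search.isp.example/?q=no-such-page-51c2">'
              "</head></html>"),
    "swapped_body": (404, {"Content-Type": "text/html"},
              "<h1>Page not found</h1><p>Try these sponsored results</p>"),
}


def run_samples():
    """Classify every constructed sample and return {name: result}."""
    return {name: classify_404_probe(PROBE, *resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, res in run_samples().items():
        print(f"{name:14} {res}")
```

The probe only says something over plain HTTP, which is the traffic the comment says is being scanned; fetch it without following redirects so the first response is the one classified.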
Re: (Score:3, Interesting)
Re: (Score:2)
Not that it's a wonderful option, but you can always use tab to search in chrome. Nifty feature I just read about here: http://www.google.com/support/chrome/bin/answer.py?answer=95655 [google.com]
I use firefox stripped down to the bare interface, so I just ctrl-k to bring up a google search page.
Wire Fraud? (Score:5, Insightful)
Wire Fraud:
A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?
Re:Wire Fraud? (Score:4, Funny)
Wire Fraud:
A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?
Market cap.
File a Complaint with the State Attorney General (Score:3)
that Mediacom, by using this technique to redirect certain traffic, are in fact violating 18 U.S.C. 1030 (Fraud and Related Activity in Connection with Computers) by committing just that -- FRAUD. If I go to Google to search for an explanation of a math problem but all of my traffic is routed through Mediacom's system first and I then get responses from Mediacom that look like they are coming from Google - that is fraud. Pure and simple. I _trust_ Google (for the most part) to give me the information I am seeking. I don't trust my ISP that is redirecting traffic and injecting their own ads to increase their profit margins. The ISP exists solely to move data, un-accosted except for "traffic shaping", across their wires. If I type in www.google.com and start a search, by all that is holy and unholy my data had better be going to Google and not be redirected to point B before reaching Google -- isn't that, technically, a man-in-the-middle attack? Which is also a violation of 18 U.S.C. 1030 I believe.
I hate that the United States is lawsuit happy but, let's face it, hitting these assholes in their pocketbooks is probably the only thing that will get them to cease and desist. Even then they'll keep trying or buy immunity or something. Until then though, I'm down with cleaning out their ill-gotten and misdirected coffers.
NOTE: I am not a lawyer and this is not legal advice.
Charter was doing this (Score:2)
Charter was doing this for a while. Really annoying. And the link to click to opt out was at the smallest font they could find. Finally got it fixed. Was not happy - if I go to Google.com, or search google in my address bar, I expect to go to Google!
ISP level redirects should be illegal. What is to stop some hacker from coming in to the ISP and redirecting traffic from bankofamerica.com to a look-a-like site? Worse yet, what would happen if their DNS lookup table (or whatever it's called) gets propagated? Or
Solution: Use a different DNS server (Score:5, Informative)
Re: (Score:2)
I have Mediacom's internet service and the solution is to use a different DNS server other than the ones Mediacom provides. I use Level3's DNS servers (4.2.2.2 and 4.2.2.3) for my DNS lookups and I do not get any redirects. You can either manually set the DNS servers on your computer or set them at the router.
The Mediacom DNSs are a double-whammy -- or rather avoiding them is double-plus-good. I get a lot of 404s from Mediacom -- and the resultant redirect -- even for valid URLs ("http://www.google.com not found . . ."). I kind of have to wonder if the "DNS problems" are intentional or just a happy coincidence for them.
Re:Solution: Use a different DNS server (Score:5, Informative)
Re: (Score:2)
Re:Solution: Use a different DNS server (Score:5, Informative)
Mediacom... Gulf Coast Region (Score:2)
Not seeing it.
http://search.mediacomcable.com/prefs.php
Disable, Disable, Disable...
DMCA - copyright violation (Score:2)
Get a content provider to file a DMCA take down request against Mediacom. Or file with our friends the *AA
The content provider creates a copyright protected page representation. Mediacom is violating the copyright by modifying the representation on the fly.
The DMCA notice to Mediacom should say "stop this or be forced off line" and "Have a nice day"
Anyone at Mediacom, run Netalyzr please... (Score:2)
Anyone using Mediacom, please run Netalyzr ( http://netalyzr.icsi.berkeley.edu [berkeley.edu]) and post the results link, this might be able to detect whatever manipulation is ongoing.
Thanks!
Complain to Public Utilities Commission (Score:2)
Re:Get another ISP! (Score:5, Informative)
I'd hope Google would sue them for copyright violation, changing their webpage in transit, and collect damages per changed page. Additionally they create confusion by diluting Google's trademarks (and those of anyone else whose page is changed). I mean this violates so many laws it isn't funny.
You could serve them with a DMCA cease and desist notice as a normal website author. Fight fire with fire.
Re:Get another ISP! (Score:5, Informative)
Re: (Score:3)
Couple of things:
(1) robots.txt isn't a legal protocol. Computers don't form contracts, particularly not implicit ones by virtue of the absence of some data associated with a private convention. A lot of what Google does is understood as technically contrary to the law in some countries, to the extent that in some places (e.g. UK) the government has been lobbied by Google to extend the notion of fair use;
(2) Even if robots.txt had some force, the absence of robots.txt conventionally allows for crawling and
Follow the example of BSA and Scientology (Score:2)
IMNHO, copyright law gives the copyright holder far too much power in this matter, but that's the way the law is written.
Re: (Score:2)
Re:Get another ISP! (Score:5, Funny)
Re: (Score:2)
Does anyone know if dropping their ad server in the hosts file will fix the redirect?
Re: (Score:3)
It is usually not "their" ad server. Advertisers do not trust content providers and prefer to count the hits themselves. This means that it is most likely that the ads being inserted are not on the ISP's servers. The ISP's server are inserting code that directs the client to download ad content which, in turn, generates revenue for the ISP.
Would "adblock" work? Yeah, probably.
Re: (Score:2)
Now, depending on Mediacom's situation and just how comfortable it is, the
Re: (Score:2)
Re: (Score:2)
TDS v. Monticello perhaps?
Re: (Score:2)
The February 2010 issue of Consumer Reports ranked Mediacom 15th of 16 in TV service, 24th of 27 in Internet service, and 23rd of 23 in phone service, based on surveys.
Re: (Score:3, Insightful)
This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.
Re: (Score:2)
Incidents like these are simply ammunition against those who oppose net neutrality. And yes, I most definitely agree that internet service should be considered to be and regulated as a utility just like POTS. But before changes can be made, "news" has to get out that without regulation in place, opportunistic ISPs will do anything, illegal or other, to abuse their resources for additional profit.
Re:Get another ISP! (Score:5, Insightful)
This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.
Why not go the full mile, and decide that the internet is essential infrastructure and should be provided by the state? I know all the usual arguments, "the government is evil per definition", and "all public efforts are big, bumbling wastes of time and money". Both are disingenuous, bordering on fraudulent - the state is NOT the government, just for one thing, and most of government is not the politicians; and even politicians are not all thoroughly evil, believe it or not.
And, as a matter of fact, most state driven projects are not all that bad - some are even highly successful. It's just that bad news sell better and of course, it meets the expectations of the readers that "governments are evil and useless" - why else would they ask us to pay tax?
Re: (Score:3)
Yes, more regulation is the answer. These companies have been granted a monopoly and should be restrained to the point where they can't do any damage. Deregulating would just cause trouble with laying wires.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Mediacom high speed Internet in my area is $20 per month. This is much cheaper than their competitor Cox, who charges $50 per month. I don't care about the 404 redirection. It's a damn page not found page, who cares if they put a search engine there. I'm not about to spend $30 per month just so I don't see a search engine when I don't find the page I'm looking for. I'm surprised as many of you care as it seems. How often do you type in the wrong url anyway?
Re: (Score:3)
Re:How it doesn't works (Score:2)
I have a great solution for reducing spam. Don't reply and it will stop. If you don't buy any h3rb4l V1agr4, they eventually notice and stop.
They won't ever notice. For example, my not buying Sony products over the past dozen years is of no discernible impact to Sony. I haven't bought a Dell, but that isn't due to any problem I have with them. How is Sony to infer that I don't care for them, while Dell I just haven't bought from yet?
Re: (Score:2)
Try fining the credit card co's every time they knowingly process a payment for a spam email, and bar spamvertizers from accepting credit cards for their products.
The credit cos might not be directly involved but they're profiting on transaction fees from the whole thing, so they can darn well help police the thing. They are in an amply good position to help out with the problem.
Re: (Score:2)
You personally are not a "critical mass"
When lots of people don't buy from Sony but buy from the various other vendors, then it will be noticed.
Re: (Score:3, Insightful)
The only way companies will truly reform is when they risk losing customers. Stop complaining but cancel your contract and tell them (and the rest of the world) why.
Well, if you are without internet connection, it's a bit harder to tell the world why. :-)
Re: (Score:3)
That would be wonderful. Here's an anecdote as to why this plan fails for me in particular.
I unfortunately have Mediacom in my area. They've effectively got it made so that you can't do this. First, they charge $20/month more (I believe it was) for a non-contract plan, which adds up, and so now I'll get hit with a $200+ cancellation fee if I try switching. I also pay for an internet/cable package even though I don't want cable because it is cheaper than the same speed internet by itself. A lot of the t
Re: (Score:2)
They are not a monopoly (by the twisted logic of our legal system) because you can always cancel them and use a 56K dial up connection.
The actual argument should be that they have a franchise agreement to maintain their system in the public rights of way. And then complain to the appropriate political entity having jurisdiction.
Re: (Score:3)
Good thing they aren't common carriers, then.